Blitz Week

Register for FierceTelecom Blitz Week - June 15-18

As the telecom industry moves forward in the age of new technology, FierceTelecom Blitz week addresses the questions of how platforms, providers, and more will modernize to keep up with these fast-paced changes and their current status of implementing these changes. Join us June 15-18 to dive deep into the world of telecom transformation.

So what’s the culprit? Corero attributes this increase in attacks to the growing availability of DDoS-for-hire services and the proliferation of unsecured IoT devices.

Specifically, the “Reaper” botnet is known to have already infected thousands of devices and is believed to be particularly dangerous due to its ability to use known security flaws in the code of those insecure machines. Similar to a computer worm, it hacks into IoT devices and then hunts for new devices to infect in order to spread itself further.

Ashley Stephenson

“Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets,” said Ashley Stephenson, CEO of Corero, in a release about the study. “The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

Besides the frequency of attacks, Corero’s data reveals that hackers are using sophisticated, quick-fire, multivector attacks against an organization’s security. A fifth of the DDoS attack attempts recorded during the second quarter of 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defenses.

Stephenson said that the only way to stay ahead of these “increasingly sophisticated, frequent and low volume attacks is to maintain comprehensive visibility and automated mitigation capabilities across a network.”

Another issue Corero observed in its study is the return of ransom denial of service, or RDoS, during the third quarter. Phantom Squad, a hacker group, began a widespread wave of RDoS threats in September, targeting companies throughout the U.S., Europe and Asia.

The extortion campaign spanned a variety of industries from banking and financial institutions, to hosting providers, online gaming services and SaaS organizations and threatened to launch attacks on Sept. 30 unless a Bitcoin payment was made.